UNPKG

@bdzscaler/pulumi-zia

Version:

A Pulumi package for creating and managing zia cloud resources.

www.zscaler.com

zscaler/pulumi-zia

192 lines (191 loc) 9.82 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
import * as pulumi from "@pulumi/pulumi"; import * as outputs from "./types/output"; /** * * [Official documentation](https://help.zscaler.com/zia/configuring-forwarding-policy) * * [API documentation](https://help.zscaler.com/zia/forwarding-control-policy#/forwardingRules-get) * * Use the **zia_forwarding_control_rule** data source to get information about a forwarding control rule which is used to forward selective Zscaler traffic to specific destinations based on your needs.For example, if you want to forward specific web traffic to a third-party proxy service or if you want to forward source IP anchored application traffic to a specific Zscaler Private Access (ZPA) App Connector or internal application traffic through ZIA threat and data protection engines, use forwarding control by configuring appropriate rules. * * ## Example Usage */ export declare function getForwardingControlRule(args?: GetForwardingControlRuleArgs, opts?: pulumi.InvokeOptions): Promise<GetForwardingControlRuleResult>; /** * A collection of arguments for invoking getForwardingControlRule. */ export interface GetForwardingControlRuleArgs { /** * A unique identifier assigned to the forwarding rule. */ id?: number; /** * The name of the forwarding rule. */ name?: string; /** * (string) - The rule type selected from the available options */ type?: string; } /** * A collection of values returned by getForwardingControlRule. */ export interface GetForwardingControlRuleResult { /** * (list) Apply to any number of departments When not used it implies `Any` to apply the rule to all departments. */ readonly departments: outputs.GetForwardingControlRuleDepartment[]; /** * (string) - Additional information about the forwarding rule */ readonly description: string; /** * ** - (list) - IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges. If adding multiple items, hit Enter after each entry. */ readonly destAddresses: string[]; /** * ** - (list) estination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries. Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). */ readonly destCountries: string[]; /** * ** - (list) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control. */ readonly destIpCategories: string[]; /** * ** - (list) Any number of destination IP address groups that you want to control with this rule. */ readonly destIpGroups: outputs.GetForwardingControlRuleDestIpGroup[]; readonly destIpv6Groups: outputs.GetForwardingControlRuleDestIpv6Group[]; /** * (list) Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation. */ readonly deviceGroups: outputs.GetForwardingControlRuleDeviceGroup[]; /** * (list) Name-ID pairs of devices for which the rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation. */ readonly devices: outputs.GetForwardingControlRuleDevice[]; /** * (list) - Name-ID pairs of the Zscaler Cloud Connector groups to which the forwarding rule applies */ readonly ecGroups: outputs.GetForwardingControlRuleEcGroup[]; /** * (string) - The type of traffic forwarding method selected from the available options. */ readonly forwardMethod: string; /** * (list) You can manually select up to `8` groups. When not used it implies `Any` to apply the rule to all groups. */ readonly groups: outputs.GetForwardingControlRuleGroup[]; /** * (int) Identifier that uniquely identifies an entity */ readonly id?: number; /** * (list) Labels that are applicable to the rule. */ readonly labels: outputs.GetForwardingControlRuleLabel[]; /** * (Optional) You can manually select up to `32` location groups. When not used it implies `Any` to apply the rule to all location groups. */ readonly locationGroups: outputs.GetForwardingControlRuleLocationGroup[]; /** * (Optional) You can manually select up to `8` locations. When not used it implies `Any` to apply the rule to all groups. */ readonly locations: outputs.GetForwardingControlRuleLocation[]; /** * (string) The configured name of the entity */ readonly name?: string; /** * (list) Any number of application groups that you want to control with this rule. The service provides predefined applications that you can group, but not modify */ readonly nwApplicationGroups: outputs.GetForwardingControlRuleNwApplicationGroup[]; /** * (Optional) When not used it applies the rule to all applications. The service provides predefined applications, which you can group, but not modify. */ readonly nwApplications: string[]; /** * (list) Any number of predefined or custom network service groups to which the rule applies. */ readonly nwServiceGroups: outputs.GetForwardingControlRuleNwServiceGroup[]; /** * (list) When not used it applies the rule to all network services or you can select specific network services. The Zscaler firewall has predefined services and you can configure up to `1,024` additional custom services. */ readonly nwServices: outputs.GetForwardingControlRuleNwService[]; /** * (string) - The order of execution for the forwarding rule order. */ readonly order: number; /** * (set) The proxy gateway for which the rule is applicable. This field is applicable only for the `PROXYCHAIN` forwarding method. */ readonly proxyGateways: outputs.GetForwardingControlRuleProxyGateway[]; readonly rank: number; /** * ** - (list) List of destination domain categories to which the rule applies. */ readonly resCategories: string[]; /** * (list) Any number of source IP address groups that you want to control with this rule. */ readonly srcIpGroups: outputs.GetForwardingControlRuleSrcIpGroup[]; /** * (Optional) You can enter individual IP addresses, subnets, or address ranges. */ readonly srcIps: string[]; readonly srcIpv6Groups: outputs.GetForwardingControlRuleSrcIpv6Group[]; /** * (string) - Indicates whether the forwarding rule is enabled or disabled. */ readonly state: string; /** * (string) - The rule type selected from the available options */ readonly type?: string; /** * (list) You can manually select up to `4` general and/or special users. When not used it implies `Any` to apply the rule to all users. */ readonly users: outputs.GetForwardingControlRuleUser[]; /** * (set) The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the `ZPA` Gateway forwarding method. */ readonly zpaAppSegments: outputs.GetForwardingControlRuleZpaAppSegment[]; /** * (set) List of ZPA Application Segment Groups for which this rule is applicable. This field is applicable only for the `ECZPA` forwarding method (used for Zscaler Cloud Connector). */ readonly zpaApplicationSegmentGroups: outputs.GetForwardingControlRuleZpaApplicationSegmentGroup[]; /** * (set) List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the `ECZPA` forwarding method (used for Zscaler Cloud Connector). */ readonly zpaApplicationSegments: outputs.GetForwardingControlRuleZpaApplicationSegment[]; readonly zpaBrokerRule: boolean; /** * (set) The ZPA Gateway for which this rule is applicable. This field is applicable only for the `ZPA` forwarding method. */ readonly zpaGateways: outputs.GetForwardingControlRuleZpaGateway[]; } /** * * [Official documentation](https://help.zscaler.com/zia/configuring-forwarding-policy) * * [API documentation](https://help.zscaler.com/zia/forwarding-control-policy#/forwardingRules-get) * * Use the **zia_forwarding_control_rule** data source to get information about a forwarding control rule which is used to forward selective Zscaler traffic to specific destinations based on your needs.For example, if you want to forward specific web traffic to a third-party proxy service or if you want to forward source IP anchored application traffic to a specific Zscaler Private Access (ZPA) App Connector or internal application traffic through ZIA threat and data protection engines, use forwarding control by configuring appropriate rules. * * ## Example Usage */ export declare function getForwardingControlRuleOutput(args?: GetForwardingControlRuleOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetForwardingControlRuleResult>; /** * A collection of arguments for invoking getForwardingControlRule. */ export interface GetForwardingControlRuleOutputArgs { /** * A unique identifier assigned to the forwarding rule. */ id?: pulumi.Input<number>; /** * The name of the forwarding rule. */ name?: pulumi.Input<string>; /** * (string) - The rule type selected from the available options */ type?: pulumi.Input<string>; }